Elcomsoft has added support for Miocrosoft Office 2007 passwords to Elcomsoft Distributed Password Recovery. The program offers administrators a comprehensive solution for recovering passwords to documents and files when employees forget their passwords, or when they deliberately add passwords to documents in an effort to sabotage their companies.

Microsoft Office documents security is considerably enhanced in version 2007. The encryption information block is the same as in Office XP/2003, but Office 2007 always uses AES encryption (is the strongest industry-standard algorithm available) with 128 bit key and SHA-1 hashing; besides, new version improves the algorithm of converting passwords into keys: 50000 SHA-1 sequential iterations are being performed now. You would never notice it when opening a file because the whole process requires less than a second. But in a password recovery process, the speed drops significantly: one can test only about 500 passwords per second even on cutting-edge processors such as Intel Core 2 Duo. Thus, one computer can find 4-5 letter passwords only, and so the only way to recover longer passwords to Office 2007 documents is using a cluster. 1000 computers are able to maintain the speed at 500,000 passwords -- comparable to the speed of password recovery on a single computer for older Microsoft Office documents.

Before Distributed Password Recovery, the most effective way to recover a lost password was to put the locked file on the fastest machine in the company, and use brute force to attack the password. Distributed Password Recovery lets you coordinate all of the unused computing power of every computer on your LAN or WAN, and use distributed processing to restore the lost password, which makes the brute-force attack very effective even for the documents where the strong encryption is being used, such as in Office 2007.

Email Address

Spotlight

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Learn about personal data bankruptcy and the cost of privacy, security and compliance, delivering digital security to a mobile world, and much more.

As ISPs, hosting providers and online enterprises around the world continue suffering the effects of DDoS attacks, often the discussions that follow are, “What is the best way to defend our networks and our customers against an attack?”

The code redirects visitors to another URL where the Fiesta exploit kit is hosted, which then tries to detect and exploit several vulnerabilities in various software. If it succeeds, the visitors are saddled with a banking Trojan.

Looking for an Android-based tablet for your child but don't know which one to choose? If you are concerned about the device's protection against random hackers, Bluebox Security has just released a review of the nine most popular Android tablet models aimed specifically at children.